chris/sneeuwvlok
chris/sneeuwvlok
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: chris:2bbbe034447cac485b2dd04723b4f8de8ab28f58
Branches Tags
chris:main
chris:experimental/clan
chris:feature/convex
chris:feature/nix-anywhere
..
compare: chris:4fd0b16db0fab33baab4dc403b867b893878ab60
Branches Tags
chris:main
chris:experimental/clan
chris:feature/convex
chris:feature/nix-anywhere

No commits in common. "2bbbe034447cac485b2dd04723b4f8de8ab28f58" and "4fd0b16db0fab33baab4dc403b867b893878ab60" have entirely different histories.
2bbbe03444 ... 4fd0b16db0

6 changed files with 32 additions and 45 deletions
Download patch file Download diff file Expand all files Collapse all files

14
flake.lock generated
View file

@ -83,11 +83,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1774258552, "lastModified": 1774210137,
"narHash": "sha256-wTJJxhLPr3OHXQ23H9+Ch1YjdlaoMf3605ezfRYLaC4=", "narHash": "sha256-QaPn/8NlrXd6jd8S9+KV2pYsGNZ8KWU5+jv2/QtRlUw=",
"rev": "28bb98f5aec0ea70b623ab4953eb8186acdb7bba", "rev": "1862f2641e54a51755b0b9acb907d01f6b324b2a",
"type": "tarball", "type": "tarball",
"url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/28bb98f5aec0ea70b623ab4953eb8186acdb7bba.tar.gz" "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/1862f2641e54a51755b0b9acb907d01f6b324b2a.tar.gz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
@ -980,11 +980,11 @@
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1774259547, "lastModified": 1774253681,
"narHash": "sha256-5EQ1TL+R/tcsoGas1oALp5Tj2ACfSul+pfrrxP72xC0=", "narHash": "sha256-U3LMRHov4wQ4olZq/zvf94Qf7oL6W11fjvZGvWg3gZc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b3f8d82c4c685fb6f3080745dab8f07606ae50d3", "rev": "16b430b0e3a5233df0444f14928af915555308ac",
"type": "github" "type": "github"
}, },
"original": { "original": {

4
modules/nixos/services/authentication/zitadel/default.nix
View file

@ -543,12 +543,12 @@ in
networking.caddy = { networking.caddy = {
hosts = { hosts = {
"auth.kruining.eu" = '' "auth.kruining.eu" = ''
reverse_proxy h2c://[::1]:9092 reverse_proxy h2c://::1:9092
''; '';
}; };
extraConfig = '' extraConfig = ''
(auth) { (auth) {
forward_auth h2c://[::1]:9092 { forward_auth h2c://::1:9092 {
uri /api/authz/forward-auth uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Email Remote-Name copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
} }

4
modules/nixos/services/communication/matrix/default.nix
View file

@ -89,8 +89,8 @@ in {
''; '';
"${fqn}" = '' "${fqn}" = ''
reverse_proxy /_matrix/* http://[::1]:${toString port} reverse_proxy /_matrix/* http://::1:${toString port}
reverse_proxy /_synapse/client/* http://[::1]:${toString port} reverse_proxy /_synapse/client/* http://::1:${toString port}
''; '';
}; };
}; };

14
modules/nixos/services/networking/caddy/default.nix
View file

@ -10,15 +10,6 @@
cfg = config.${namespace}.services.networking.caddy; cfg = config.${namespace}.services.networking.caddy;
hasHosts = (cfg.hosts |> attrNames |> length) > 0; hasHosts = (cfg.hosts |> attrNames |> length) > 0;
caddyBase = pkgs.callPackage "${pkgs.path}/pkgs/by-name/ca/caddy/package.nix" {
buildGo125Module = pkgs.buildGo126Module;
caddy = caddyBase;
};
caddyPackage =
caddyBase.withPlugins {
plugins = ["github.com/corazawaf/coraza-caddy/v2@v2.1.0"];
hash = "sha256-pSXjLaZoRtKV3eFl2ySRSjl3yxi514G1Cb7pfrpxxtE=";
};
in { in {
options.${namespace}.services.networking.caddy = { options.${namespace}.services.networking.caddy = {
enable = mkEnableOption "enable caddy" // {default = true;}; enable = mkEnableOption "enable caddy" // {default = true;};
@ -36,7 +27,10 @@ in {
services.caddy = { services.caddy = {
enable = cfg.enable; enable = cfg.enable;
package = caddyPackage; package = pkgs.caddy.withPlugins {
plugins = ["github.com/corazawaf/coraza-caddy/v2@v2.1.0"];
hash = "sha256-rsDnTunR8C7hVOX5aKcba+iFYHbpWek65DZgbMxOdTs=";
};
virtualHosts = virtualHosts =
cfg.hosts cfg.hosts

18
modules/nixos/services/networking/wireguard/default.nix
View file

@ -33,15 +33,15 @@ in {
}; };
config = mkIf hasPeers { config = mkIf hasPeers {
# networking.firewall.allowedUDPPorts = cfg.peer |> lib.attrValues |> lib.map (p: p.port); networking.firewall.allowedUDPPorts = cfg.peer |> lib.attrValues |> lib.map (p: p.port);
# networking.wq-quick = { networking.wq-quick = {
# # enable = cfg.enable; # enable = cfg.enable;
# interfaces = interfaces =
# cfg.peer cfg.peer
# |> attrsToList |> attrsToList
# |> imap0 (i: { name, value }: (namevaluepair "wg${i}" (value // {}))) |> imap0 (i: { name, value }: (namevaluepair "wg${i}" (value // { }));
# |> listToAttrs; |> listToAttrs
# }; };
}; };
} }

19
modules/nixos/services/observability/promtail/default.nix
View file

@ -1,15 +1,11 @@
{ { pkgs, config, lib, namespace, ... }:
pkgs, let
config,
lib,
namespace,
...
}: let
inherit (lib.modules) mkIf; inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption; inherit (lib.options) mkEnableOption;
cfg = config.${namespace}.services.observability.promtail; cfg = config.${namespace}.services.observability.promtail;
in { in
{
options.${namespace}.services.observability.promtail = { options.${namespace}.services.observability.promtail = {
enable = mkEnableOption "enable Grafana Promtail"; enable = mkEnableOption "enable Grafana Promtail";
}; };
@ -35,7 +31,7 @@ in {
clients = [ clients = [
{ {
url = "http://[::1]:9003/loki/api/v1/push"; url = "http://::1:9003/loki/api/v1/push";
} }
]; ];
@ -50,10 +46,7 @@ in {
}; };
}; };
relabel_configs = [ relabel_configs = [
{ { source_labels = [ "__journal__systemd_unit" ]; target_label = "unit"; }
source_labels = ["__journal__systemd_unit"];
target_label = "unit";
}
]; ];
} }
]; ];